The invention relates to systems and methods for protecting a computer system from malware, and in particular systems and methods that use hardware virtualization technology.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, and rootkits, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others.
A typical malware attack comprises malware exploiting a vulnerability of a software object, such as an application executing on a computer system or smartphone, to take control of the respective system in order to perform malicious activities, such as installing software components, carrying out illegitimate electronic communications with a remote computer system, and stealing sensitive information, among others.
Various software solutions may be used to detect malware, and/or to prevent such malware from executing on a computer system. Anti-malware software is typically configured to access a much broader range of file and data types than other applications. An exemplary anti-malware application may be able to process executable files, image files, databases, and portable document files (PDF), among others. Handling so many data types may make anti-malware software especially vulnerable to attacks. Moreover, typical anti-malware software executes with relatively high processor privileges, so a successful attack on an anti-malware component may give a substantial advantage to the attacking entity. Anti-malware software may thus be a preferred target for malware.
Hardware virtualization technology allows the creation of simulated computer environments commonly known as virtual machines (VM), which behave in many ways as physical computer systems. A virtual machine may be set up to execute applications in an environment, which is approximately isolated from the environment of another VM, thus increasing data security and privacy. There is considerable interest in developing anti-malware solutions which take advantage of such facilities offered by hardware virtualization technology.